diff --git a/doc/source/contributor/automated.rst b/doc/source/contributor/automated.rst
index bdd1b0518..27d1efbaf 100644
--- a/doc/source/contributor/automated.rst
+++ b/doc/source/contributor/automated.rst
@@ -89,6 +89,30 @@ This can be added using the following commands::
     sudo ip l set eth1 up
     sudo ip l set eth1 master breth1
 
+Configuration
+-------------
+
+Enable TLS
+^^^^^^^^^^
+
+Apply the following configuration if you wish to enable TLS for the OpenStack
+API:
+
+Set the following option in ``config/src/kayobe-config/etc/kayobe/kolla.yml``:
+
+.. code-block:: yaml
+
+   kolla_enable_tls_internal: "yes"
+
+Set the following options in
+``config/src/kayobe-config/etc/kayobe/kolla/globals.yml``:
+
+.. code-block:: yaml
+
+   kolla_copy_ca_into_containers: "yes"
+   openstack_cacert: "{% if os_distribution == 'ubuntu' %}/etc/ssl/certs/ca-certificates.crt{% else %}/etc/pki/tls/certs/ca-bundle.crt{% endif %}"
+   kolla_admin_openrc_cacert: "{% if os_distribution == 'ubuntu' %}/etc/ssl/certs/ca-certificates.crt{% else %}/etc/pki/tls/certs/ca-bundle.crt{% endif %}"
+
 Usage
 -----
 
@@ -109,6 +133,10 @@ its dependencies in a Python virtual environment::
    changes will not been seen until you reinstall the package. To do this you
    can run ``./dev/install.sh``.
 
+If you are using TLS and wish to generate self-signed certificates::
+
+    export KAYOBE_OVERCLOUD_GENERATE_CERTIFICATES=1
+
 Run the ``dev/overcloud-deploy.sh`` script to deploy the OpenStack control
 plane::